Using CAPTCHA for PERL

I have broken down this program as simply as possible. The basic idea is to use a directory of images (not web readable) to be called into a form using a standard HTML IMG TAG. When the user requests the image, the image name and users IP are written to a temporary file that will later be compared to the form submission text to verify that the user is indeed a human being or at least a monkey that can read.

See how the DEMO CAPTCHA works for yourself.

The nice part is that you will not need to install any modules and it can be run from any server that supports perl. Although I really have no clue about windows servers, its written for unix, if it works on windows great, if not, Oh well! If you program on windows, you should be able to make the adjustments relatively easily.

You will need 2 perl programs provided and one page with the form. The form can be delived from any static or dynamic page. To insure 100% compatability, a dynamic page will be needed.

captcha.cgi will deliver the images to a page called by using a standard image tag <img src="captcha.cgi">. This program should stand on its own and will not need to be added to any existing programs.

check-captcha.cgi will take the form input and compare it to the image that was displayed. This will be the code you want to integrate into your program for form validation.

form.cgi is included to provide a working solution as well as an html form that will also work. However, when using the html form you will need to create a dynamic querry string for the image tag.

for example: <img src="captcha.cgi?randomnumber">

By changing the querry string represented by "randomnumber" you will insure that older browsers will load a new image each time the page is accessed.

Older browsers cache one image as the only image to be displayed. By using the form.cgi the random number can be printed right to the page by the program. Of course any dynamic page like asp, jsp and so on could easily do the same thing. It will also confuse the hell out of the scammers who think the random string has some relationship to the text on the image.

If you are using shtml or server parsed pages you can use the time function to create a dynamic number for the cgi with:

<img src="captcha.cgi?<!--#config timefmt="%s" -->
<!--#echo var="DATE_LOCAL" -->">

The program is as simplifed as possible. The error and response messages are simple and clear. You will obviously want to replace the messages with your own. The words will make sense to a programer but you do not want to tell a user "no file found to verify input".

The programs only serve as a sample of working code. But with the image files, they should be enough for any hacker to knock out a very secure and simple CAPTCHA system for their programs.

About The Program - How I came up with the idea and the theory behind it.

Installation - How to install the demo program and get it working.

Download the Files - complete files including 1000 images.

Limitations - Program limitations.

Advantages - Advantages of this program over other techniques, besides the fact that this program is absolutly free.

Additional image sets - Here are a few additional image sets some are clear and easy to read, others are seemingly ocr proof. We hope to set up a utility here to allow anyone to generate their own images in any quantity, but setting that up will take time that is not currently available. If we get lots of requests, it will likley be added. We would like to see if anyone is interested before spending the time setting it up. So for now we have just made a few sets of 1000 images each to get people started.

NOTICE: We always appreciate any link backs to our sites, especially this one which is very new. I have not added any links in the programs to save everyone the time of removing them. But we would like to make this program as well as many more, freely available to anyone looking for great perl solutions. So don't hesitate to add a link on your website to our free programs.

User Notes - Here are some ideas and feedback from people that have installed the program and offered some additional ideas and help.